package com.itheima.security_config;

import com.itheima.security_service.MyUserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true) // 开启权限注解 (Spring Security默认是禁用注解的)
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    @Autowired
    MyUserDetailsServiceImpl myUserDetailsServiceImpl;

    @Bean
    public BCryptPasswordEncoder createBCryptPasswordEncoder(){
        return  new  BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsServiceImpl).passwordEncoder(createBCryptPasswordEncoder());

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login.html").
                loginProcessingUrl("/login.do").
                failureUrl("/login.html").
                defaultSuccessUrl("/pages/main.html").
                and().
                authorizeRequests().
                antMatchers("/pages/**","/template/**").authenticated().
                and().
                exceptionHandling().accessDeniedPage("/error.html").
                and().
                logout().logoutUrl("/logout.do").invalidateHttpSession(true).logoutSuccessUrl("/login.html").
                and().headers().frameOptions().sameOrigin().// 权限框架会 拒绝iframe组件, 此处配置可访问
                and().csrf().disable(); //禁用  默认 CsrfFilter过滤器  不会比对 token
    }

    // 模板引擎的代码实现
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        //  配置自定义登录表单
//        http.formLogin().loginPage("/user/login").
//                loginProcessingUrl("/login.do").
//                failureUrl("/user/login?error=true").
//                defaultSuccessUrl("/pages/main.html").
//                and().  //  不同配置项 使用and 链接
//                authorizeRequests().
//                antMatchers("/pages/*","/template/**").authenticated().//  所有资源 必须要认证才可以访问
//                and().
//                exceptionHandling().accessDeniedPage("/error.html").
//                and().
//                logout().logoutUrl("/logout.do").invalidateHttpSession(true).logoutSuccessUrl("/mylogin.html").
//                and().headers().frameOptions().sameOrigin();
//    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // 事实上如果没有在上面的configure方法里配置以下静态资源的权限设置,默认是不被权限框架管理的,所以可以此方法可以不写,但建议还是配置上
        web.ignoring().antMatchers("/css/**","/js/**","/plugins/**","/img/**");
    }
}
